DOCSLIB.ORG

Continuous Auditing of SSH Servers to Mitigate Brute-Force Attacks Phuong M

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Continuous Auditing of SSH Servers to Mitigate Brute-Force Attacks Phuong M CAUDIT: Continuous Auditing of SSH Servers To Mitigate Brute-Force Attacks Phuong M. Cao, Yuming Wu, and Subho S. Banerjee, UIUC; Justin Azoff and Alex Withers, NCSA; Zbigniew T. Kalbarczyk and Ravishankar K. Iyer, UIUC https://www.usenix.org/conference/nsdi19/presentation/cao This paper is included in the Proceedings of the 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’19). February 26–28, 2019 • Boston, MA, USA ISBN 978-1-931971-49-2 Open access to the Proceedings of the 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’19) is sponsored by CAUDIT: Continuous Auditing of SSH Servers to Mitigate Brute-Force Attacks Phuong M. Cao1, Yuming Wu1, Subho S. Banerjee1, Justin Azoff2;3, Alexander Withers3, Zbigniew T. Kalbarczyk1, Ravishankar K. Iyer1 1University of Illinois at Urbana-Champaign, 2Corelight, 3National Center for Supercomputing Applications Abstract While only a small fraction of such attempts succeed, they This paper describes CAUDIT1, an operational system have led to major misuses in 51% of 1,800 surveyed organi- deployed at the National Center for Supercomputing Applica- zations, with a financial impact of up to $500,000 per organi- tions (NCSA) at the University of Illinois. CAUDIT is a fully zation [7]. automated system that enables the identification and exclusion This paper describes the production deployment of of hosts that are vulnerable to SSH brute-force attacks. Its CAUDIT at the National Center for Supercomputing Ap- key features include: 1) a honeypot for attracting SSH-based plications (NCSA) at the University of Illinois over a period attacks over a /16 IP address range and extracting key meta- of 463 days. CAUDIT is a fully automated system to identify data (e.g., source IP, password, SSH-client version, or key and exclude hosts that are vulnerable to SSH brute-force at- fingerprint) from these attacks; 2) executing audits on the live tacks. The system is composed of existing techniques with production network by replaying of attack attempts recorded custom-built components, and its novelty is to execute at a by the honeypot; 3) using the IP addresses recorded by the scale that has not been validated earlier (with thousands of honeypot to block SSH attack attempts at the network border nodes and tens of millions of attack attempts per day). The by using a Black Hole Router (BHR) while significantly re- key components of the proposed system are as follows. ducing the load on NCSA’s security monitoring system; and 4) • An SSH-based honeypot deployed on an entire /16 class- the ability to inform peer sites of attack attempts in real-time less inter-domain routing (CIDR) network2 that mimics to ensure containment of coordinated attacks. The system is a realistic server farm of 65,536 machines. In contrast composed of existing techniques with custom-built compo- with other honeypots [8–12], ours is non-interactive, nents, and its novelty is its ability to execute at a scale that has i.e., it only records and immediately rejects any attack not been validated earlier (with thousands of nodes and tens attempts; thus, it has a small memory footprint that re- of millions of attack attempts per day). Experience over 463 duces the operational risk of exploiting the honeypot to days shows that CAUDIT successfully blocks an average of get into the internal network. 57 million attack attempts on a daily basis using the proposed BHR. This represents a 66× reduction in the number of SSH • A continuous SSH auditing tool (driven by attack at- attempts compared to the daily average and has reduced the tempts recorded using the honeypot) that automatically traffic to the NCSA’s internal network-security-monitoring replays the attempted attacks against an internal network infrastructure by 78%. in order to uncover vulnerable hosts. This approach 1 Introduction extends the notion of fire drills in production systems for reliability testing [13–15]. CAUDIT minimizes the Security auditing of large-scale networks is challenging auditing tool’s disruption of the production network, e.g., due to the constantly evolving configurations of networked de- by subscribing to SSH protocol activities by using the vices [1,2]. Critical devices often expose their remote access deep packet inspection capabilities of existing network interfaces to the Internet via the Secure Socket Shell (SSH) security monitors such as the Bro IDS [16]. protocol [3], often using default usernames/passwords [4]. The availability of stolen credentials [5] has added a new • An enhanced black hole router (BHR) deployed at the dimension to the problem: attackers can now remotely mas- production system’s borders to support automated re- querade as legitimate users and penetrate internal networks to sponse to malicious IP addresses identified by the audit- misuse computational resources and leak sensitive data [6]. 2The address space belonged to a Fortune 50 company but has been 1 https://pmcao.github.io/caudit transferred to NCSA. USENIX Association 16th USENIX Symposium on Networked Systems Design and Implementation 667 ing tool. The BHR is integrated with a flow-shunting • We investigated a new observation on SSH attack at- tool that discards high-volume irrelevant packets, e.g., tempts that use keys. While traditional SSH attempts virtual private network (VPN) traffic, before they get use known username and password pairs, the honey- parsed by the kernel’s networking stack. This enhances pot’s collected data on attack attempts indicate that most the BHRs ability to block brute-force SSH attacks and of the SSH keys used by attackers were not previously bypass legitimate network flows to reduce the load on known and were mutually exclusive to each source IP network security monitors. address. This finding suggests that attackers obtained the keys via direct compromise of file systems, either • A security alert-sharing network to provide timely alerts by using ransomware or through reverse-engineering of to peer sites to ensure containment of coordinated at- keys embedded in the firmware of IoT devices. tacks [17]. All attack attempts (recorded by the hon- eypot) are encrypted and shared (in real time) with ten • Companies make extensive use of SSH private keys authenticated peer sites (nine in the U.S. and one in for automated server management, but our analysis Singapore). strengthen the risk of improperly using SSH keys Placing CAUDIT in perspective. Prior work on SSH se- through discovered incidents. Our analysis has led to curity auditing has focused on preventing SSH brute-force the implementation of new security policies at NCSA. attacks [16, 18, 19] using multi-factor authentication [20], First, all known SSH hosts in the known_host file must deceiving attackers by using honeypots [9, 21, 22], Internet- be hashed to hide the actual host names in the event of a scale scanning of vulnerable hosts [23], and use of Black successful compromise, thus reducing attackers’ lateral Hole Routers to block blacklisting-based malicious IP ad- movements. Second, SSH passphrases must be enforced dresses [24]. Such approaches have helped network operators in private keys to prevent the use of the leaked keys. run ad-hoc scans and analyses of attacks after the fact. Par- While the current implementation of CAUDIT focuses on ticipants in red teams and bug bounty programs emulates brute-force SSH attacks, the proposed architecture can be malicious behavior of attackers to uncover security vulner- extended to address other types of attacks. We has open- abilities and bugs [25]. However, such processes are still sourced our implementation.3 manually driven by security experts and are therefore difficult to scale for large production networks. The above techniques 2 Background are often ineffective in practice, e.g., 1) SSH honeypots do not This section provides an overview of the daily operations attract a large amount of traffic; 2) large-scale network scan- at NCSA and the typical threats targeting its infrastructure. ning hampers the performance of production networks, and 3) 2.1 Daily operations at NCSA it is problematic to maintain and manage a large blacklist (e.g., NCSA provides integrated cyberinfrastructure that includes because of false positive filtering). In addition, coordinated computing, data, networking, and visualization resources to attacks can be thwarted using security intelligence sharing enable research of scientists and engineers at the Univer- and analysis between geo-distributed sites [26]. Most impor- sity of Illinois at Urbana-Champaign (UIUC) and across tantly, such efforts have never been integrated as a whole and the country. NCSA hosts Blue Waters [27], a sustained validated at a large scale in production workloads. Those petaflop system that is a prime attack target, as attackers limitations have motivated us to design a scalable auditing wish to exploit its processing power and exfiltrate sensitive system. data in storage. On a daily basis, thousands of researchers During 463 days production deployment at NCSA, the hon- access NCSA’s cyber-infrastructure remotely (using SSH pro- eypot attracted attacks that originated in 76% of the registered tocols) via a wide area network (WAN) to carry out exper- IPv4 autonomous systems (ASes), with a total of 405 million iments. NCSA observes 5,970 (variance = 1;541 users) le- attack attempts from 4 million unique source IP addresses. gitimate remote logins every day. At the same time, we ob- On a daily basis, the BHR blocked an average of 57 million served an average of 875;491 credential-guessing activities SSH attack attempts. On average, 875,491 attack attempts (405;352;245 attacks=463 days), which are 147× more frequent than per day passed the BHR and were recorded at the honeypot legitimate login activities (875;491 attack SSH=5;970 legitimate SSH). to support the fire drill. Our operational experiences were as Several computing and data services at NCSA, e.g., a Ku- follows.
Load more

Recommended publications
  • FY 2011 Annual Report
    We're software roadies. Software Freedom Conservancy is a public charity that acts as a non-profit home for dozens of Free, Libre, and Open Source Software (FLOSS) projects. Conservancy©s charitable mission is to help improve, develop, and defend FLOSS, and we do that by providing business, legal, and administrative services to our member projects. We have the honor of working with member projects comprised of, in our humble opinion, many of the best software developers in the world. Some of our member projects develop system software so ubiquitous that it permeates virtually every part of our society©s electronics-driven lifestyle. Other member projects are redefining how software will be written and even how computer science will be taught to the next generation of developers. Still others find their niche by solving a small-but- persistent problem better than anyone else ± and attract a cult following of users because of it. And, best of all, all of our member projects release their software under a license that allows the public to study, use, improve, and share the source code. Conservancy provides all of our ªrock starº member projects with a comprehensive suite of services, and then we get out of their way to let them do what they do best: write great software for the public©s benefit. Our structure. Conservancy acts as a fiscal sponsor to our member projects. We©ve engaged the leadership of each member project©s developer community and executed a fiscal sponsorship agreement that allows us to adopt that project as an official part of Conservancy©s corporate structure.
    [Show full text]
  • Linux Journal | August 2014 | Issue
    ™ SPONSORED BY Since 1994: The Original Magazine of the Linux Community AUGUST 2014 | ISSUE 244 | www.linuxjournal.com PROGRAMMING HOW-TO: + OpenGL Build, Develop Programming and Validate Creation of RPMs USE VAGRANT Sysadmin Cloud for an Easier Troubleshooting Development with dhclient Workflow Tips for PROMISE Becoming a THEORY Web Developer An In-Depth A Rundown Look of Linux for Recreation V WATCH: ISSUE OVERVIEW LJ244-Aug2014.indd 1 7/23/14 6:56 PM Get the automation platform that makes it easy to: Build Infrastructure Deploy Applications Manage In your data center or in the cloud. getchef.com LJ244-Aug2014.indd 2 7/23/14 11:41 AM Are you tiredtiered of of dealing dealing with with proprietary proprietary storage? storage? ® 9%2Ä4MHÆDCÄ2SNQ@FD ZFS Unified Storage zStax StorCore from Silicon - From modest data storage needs to a multi-tiered production storage environment, zStax StorCore zStax StorCore 64 zStax StorCore 104 The zStax StorCore 64 utilizes the latest in The zStax StorCore 104 is the flagship of the dual-processor Intel® Xeon® platforms and fast zStax product line. With its highly available SAS SSDs for caching. The zStax StorCore 64 configurations and scalable architecture, the platform is perfect for: zStax StorCore 104 platform is ideal for: VPDOOPHGLXPRIILFHILOHVHUYHUV EDFNHQGVWRUDJHIRUYLUWXDOL]HGHQYLURQPHQWV VWUHDPLQJYLGHRKRVWV PLVVLRQFULWLFDOGDWDEDVHDSSOLFDWLRQV VPDOOGDWDDUFKLYHV DOZD\VDYDLODEOHDFWLYHDUFKLYHV TalkTalk with with an anexpert expert today: today: 866-352-1173 866-352-1173 - http://www.siliconmechanics.com/zstax LJ244-Aug2014.indd 3 7/23/14 11:41 AM AUGUST 2014 CONTENTS ISSUE 244 PROGRAMMING FEATURES 64 Vagrant 74 An Introduction to How to use Vagrant to create a OpenGL Programming much easier development workflow.
    [Show full text]
  • SL8500 Modular Library System
    StorageTek SL8500 Modular Library System Systems Assurance Guide Part Number: MT9229 May 2010 Revision: L Submit comments about this document by clicking the Feedback [+] link at: http://docs.sun.com StorageTek SL8500 Modular Library System - Systems Assurance Guide MT9229 Revision: L Copyright © 2004, 2010, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related software documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are “commercial computer software” or “commercial technical data” pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007).
    [Show full text]
  • Encryption Suite
    comforte_Encryption_Suite.qxp_comforte_Encryption_Suite 29.10.17 13:33 Seite 1 comForte´scomforte’s encryptionencryptio nsuite suite ProtectProtect passwords passwords andand confidentialconfidential applicationapplication data data on on HP HP NonStopE Nonsto psystems systems SSecurCSecurCS Se SecurTNcurTN Se SecurFTPcurFTP Sec SecurLiburLib Secu SecurSHrSH Secu SecurPrintrPrint communication is our Forte comforte_Encryption_Suite.qxp_comforte_Encryption_Suite 29.10.17 13:33 Seite 2 Overview comForte offers a rich set of products The following diagram shows all products All our products take advantage of the most depending on the protocol you want to together. This diagram may look confusing widely used and accepted security protocols: encrypt. Even for a single protocol (such at first glance, but we do believe that our Depending on the product, connections are as Telnet) we offer different solutions rich set of products allows us to tailor our secured either via SSL (Secure Sockets Layer, depending on your requirements. solutions according to the customers’ now standardized by the IETF as Transport requirements rather than according to our Layer Security – TLS) or via SSH2 (Secure Shell product set. The purpose of this flyer is to protocol version 2). provide an overview of the different products and to help you find the right solution for All our solutions can restrict access to your your requirements. NonStop system to “encrypted only” and also provide some basic firewall capabilities. comforte_Encryption_Suite.qxp_comforte_Encryption_Suite 29.10.17 13:33 Seite 3 Telnet Encryption Many organizations are realizing that using Webbrowser access to NonStop 6530 single, integrated product. SecurTN replaces Telnet over a heterogenous TCP/IP network and 3270 applications and services, TELSERV, thereby eliminating the “256 session results in reduced security: all protective delivering them to users both inside only” limit of TELSERV.
    [Show full text]
  • Linux Journal | February 2016 | Issue
    ™ A LOOK AT KDE’s KStars Astronomy Program Since 1994: The Original Magazine of the Linux Community FEBRUARY 2016 | ISSUE 262 | www.linuxjournal.com + Programming Working with Command How-Tos Arguments in Your Program a Shell Scripts BeagleBone Interview: Katerina Black Barone-Adesi on to Help Brew Beer Developing the Snabb Switch Network Write a Toolkit Short Script to Solve a WATCH: ISSUE Math Puzzle OVERVIEW V LJ262-February2016.indd 1 1/21/16 5:26 PM NEW! Agile Improve Product Business Development Processes with an Enterprise Practical books Author: Ted Schmidt Job Scheduler for the most technical Sponsor: IBM Author: Mike Diehl Sponsor: people on the planet. Skybot Finding Your DIY Way: Mapping Commerce Site Your Network Author: to Improve Reuven M. Lerner Manageability GEEK GUIDES Sponsor: GeoTrust Author: Bill Childers Sponsor: InterMapper Combating Get in the Infrastructure Fast Lane Sprawl with NVMe Author: Author: Bill Childers Mike Diehl Sponsor: Sponsor: Puppet Labs Silicon Mechanics & Intel Download books for free with a Take Control Linux in simple one-time registration. of Growing the Time Redis NoSQL of Malware http://geekguide.linuxjournal.com Server Clusters Author: Author: Federico Kereki Reuven M. Lerner Sponsor: Sponsor: IBM Bit9 + Carbon Black LJ262-February2016.indd 2 1/21/16 5:26 PM NEW! Agile Improve Product Business Development Processes with an Enterprise Practical books Author: Ted Schmidt Job Scheduler for the most technical Sponsor: IBM Author: Mike Diehl Sponsor: people on the planet. Skybot Finding Your DIY Way: Mapping Commerce Site Your Network Author: to Improve Reuven M. Lerner Manageability GEEK GUIDES Sponsor: GeoTrust Author: Bill Childers Sponsor: InterMapper Combating Get in the Infrastructure Fast Lane Sprawl with NVMe Author: Author: Bill Childers Mike Diehl Sponsor: Sponsor: Puppet Labs Silicon Mechanics & Intel Download books for free with a Take Control Linux in simple one-time registration.
    [Show full text]
  • DM-Relay - Safe Laptop Mode Via Linux Device Mapper
    ' $ DM-Relay - Safe Laptop Mode via Linux Device Mapper Study Thesis by cand. inform. Fabian Franz at the Faculty of Informatics Supervisor: Prof. Dr. Frank Bellosa Supervising Research Assistant: Dipl.-Inform. Konrad Miller Day of completion: 04/05/2010 &KIT – Universitat¨ des Landes Baden-Wurttemberg¨ und nationales Forschungszentrum in der Helmholtz-Gemeinschaft www.kit.edu % I hereby declare that this thesis is my own original work which I created without illegitimate help by others, that I have not used any other sources or resources than the ones indicated and that due acknowledgment is given where reference is made to the work of others. Karlsruhe, April 5th, 2010 Contents Deutsche Zusammenfassung xi 1 Introduction 1 1.1 Problem Definition . .1 1.2 Objectives . .1 1.3 Methodology . .1 1.4 Contribution . .2 1.5 Thesis Outline . .2 2 Background 3 2.1 Problems of Disk Power Management . .3 2.2 State of the Art . .4 2.3 Summary of this chapter . .8 3 Analysis 9 3.1 Pro and Contra . .9 3.2 A new approach . 13 3.3 Analysis of Proposal . 15 3.4 Summary of this chapter . 17 4 Design 19 4.1 Common problems . 19 4.2 System-Design . 21 4.3 Summary of this chapter . 21 5 Implementation of a dm-module for the Linux kernel 23 5.1 System-Architecture . 24 5.2 Log suitable for Flash-Storage . 28 5.3 Using dm-relay in practice . 31 5.4 Summary of this chapter . 31 vi Contents 6 Evaluation 33 6.1 Methodology . 33 6.2 Benchmarking setup .
    [Show full text]
  • Linux Journal | January 2016 | Issue
    ™ AUTOMATE Full Disk Encryption Since 1994: The Original Magazine of the Linux Community JANUARY 2016 | ISSUE 261 | www.linuxjournal.com IMPROVE + Enhance File Transfer Client-Side Performance Security for Users Making Sense of Profiles and RC Scripts ABINIT for Computational Chemistry Research Leveraging Ad Blocking WATCH: ISSUE Audit Serial OVERVIEW Console Access V LJ261-January2016.indd 1 12/17/15 8:35 PM Improve Finding Your Business Way: Mapping Processes with Your Network Practical books an Enterprise to Improve Job Scheduler Manageability for the most technical Author: Author: Mike Diehl Bill Childers Sponsor: Sponsor: people on the planet. Skybot InterMapper DIY Combating Commerce Site Infrastructure Sprawl Author: Reuven M. Lerner Author: GEEK GUIDES Sponsor: GeoTrust Bill Childers Sponsor: Puppet Labs Get in the Take Control Fast Lane of Growing with NVMe Redis NoSQL Author: Server Clusters Mike Diehl Author: Sponsor: Reuven M. Lerner Silicon Mechanics Sponsor: IBM & Intel Download books for free with a Linux in Apache Web simple one-time registration. the Time Servers and of Malware SSL Encryption Author: Author: http://geekguide.linuxjournal.com Federico Kereki Reuven M. Lerner Sponsor: Sponsor: GeoTrust Bit9 + Carbon Black LJ261-January2016.indd 2 12/17/15 8:35 PM Improve Finding Your Business Way: Mapping Processes with Your Network Practical books an Enterprise to Improve Job Scheduler Manageability for the most technical Author: Author: Mike Diehl Bill Childers Sponsor: Sponsor: people on the planet. Skybot InterMapper DIY Combating Commerce Site Infrastructure Sprawl Author: Reuven M. Lerner Author: GEEK GUIDES Sponsor: GeoTrust Bill Childers Sponsor: Puppet Labs Get in the Take Control Fast Lane of Growing with NVMe Redis NoSQL Author: Server Clusters Mike Diehl Author: Sponsor: Reuven M.
    [Show full text]
  • Scripting the Openssh, SFTP, and SCP Utilities on I Scott Klement
    Scripting the OpenSSH, SFTP, and SCP Utilities on i Presented by Scott Klement http://www.scottklement.com © 2010-2015, Scott Klement Why do programmers get Halloween and Christmas mixed-up? 31 OCT = 25 DEC Objectives Of This Session • Setting up OpenSSH on i • The OpenSSH tools: SSH, SFTP and SCP • How do you use them? • How do you automate them so they can be run from native programs (CL programs) 2 What is SSH SSH is short for "Secure Shell." Created by: • Tatu Ylönen (SSH Communications Corp) • Björn Grönvall (OSSH – short lived) • OpenBSD team (led by Theo de Raadt) The term "SSH" can refer to a secured network protocol. It also can refer to the tools that run over that protocol. • Secure replacement for "telnet" • Secure replacement for "rcp" (copying files over a network) • Secure replacement for "ftp" • Secure replacement for "rexec" (RUNRMTCMD) 3 What is OpenSSH OpenSSH is an open source (free) implementation of SSH. • Developed by the OpenBSD team • but it's available for all major OSes • Included with many operating systems • BSD, Linux, AIX, HP-UX, MacOS X, Novell NetWare, Solaris, Irix… and yes, IBM i. • Integrated into appliances (routers, switches, etc) • HP, Nokia, Cisco, Digi, Dell, Juniper Networks "Puffy" – OpenBSD's Mascot The #1 SSH implementation in the world. • More than 85% of all SSH installations. • Measured by ScanSSH software. • You can be sure your business partners who use SSH will support OpenSSH 4 Included with IBM i These must be installed (all are free and shipped with IBM i **) • 57xx-SS1, option 33 = PASE • 5733-SC1, *BASE = Portable Utilities • 5733-SC1, option 1 = OpenSSH, OpenSSL, zlib • 57xx-SS1, option 30 = QShell (useful, not required) ** in v5r3, had 5733-SC1 had to be ordered separately (no charge.) In v5r4 or later, it's shipped automatically.
    [Show full text]
  • Praise for the Official Ubuntu Book
    Praise for The Official Ubuntu Book “The Official Ubuntu Book is a great way to get you started with Ubuntu, giving you enough information to be productive without overloading you.” —John Stevenson, DZone Book Reviewer “OUB is one of the best books I’ve seen for beginners.” —Bill Blinn, TechByter Worldwide “This book is the perfect companion for users new to Linux and Ubuntu. It covers the basics in a concise and well-organized manner. General use is covered separately from troubleshooting and error-handling, making the book well-suited both for the beginner as well as the user that needs extended help.” —Thomas Petrucha, Austria Ubuntu User Group “I have recommended this book to several users who I instruct regularly on the use of Ubuntu. All of them have been satisfied with their purchase and have even been able to use it to help them in their journey along the way.” —Chris Crisafulli, Ubuntu LoCo Council, Florida Local Community Team “This text demystifies a very powerful Linux operating system . in just a few weeks of having it, I’ve used it as a quick reference a half dozen times, which saved me the time I would have spent scouring the Ubuntu forums online.” —Darren Frey, Member, Houston Local User Group This page intentionally left blank The Official Ubuntu Book Sixth Edition This page intentionally left blank The Official Ubuntu Book Sixth Edition Benjamin Mako Hill Matthew Helmke Amber Graner Corey Burger With Jonathan Jesse, Kyle Rankin, and Jono Bacon Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Capetown • Sydney • Tokyo • Singapore • Mexico City Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks.
    [Show full text]
  • Centrify Putty Guide
    Centrify-enabled PuTTY User’s Guide September 2020 (release 2020) Centrify Corporation • • • • • • Legal Notice This document and the software described in this document are furnished under and are subject to the terms of a license agreement or a non-disclosure agreement. Except as expressly set forth in such license agreement or non-disclosure agreement, Centrify Corporation provides this document and the software described in this document “as is” without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. Some states do not allow disclaimers of express or implied warranties in certain transactions; therefore, this statement may not apply to you. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of Centrify Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of Centrify Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. Centrify Corporation may make improvements in or changes to the software described in this document at any time.
    [Show full text]
  • Oracle Enterprise Session Border Controller – Acme Packet 4600 and Microsoft Skype for Business for Enterprise SIP Trunking with NTT Communications
    Oracle Enterprise Session Border Controller – Acme Packet 4600 and Microsoft Skype for Business for Enterprise SIP Trunking with NTT Communications Technical Application Note Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2 Table of Contents INTENDED AUDIENCE ......................................................................................................................................... ..4 DOCUMENT OVERVIEW ....................................................................................................................................... .4 INTRODUCTION ..................................................................................................................................................... .5 AUDIENCE ............................................................................................................................................................................................ .5 REQUIREMENTS .................................................................................................................................................................................. .5 ARCHITECTURE ..................................................................................................................................................................................
    [Show full text]
  • Kafl: Hardware-Assisted Feedback Fuzzing for OS Kernels
    kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Sergej Schumilo1, Cornelius Aschermann1, Robert Gawlik1, Sebastian Schinzel2, Thorsten Holz1 1Ruhr-Universität Bochum, 2Münster University of Applied Sciences Motivation IJG jpeg libjpeg-turbo libpng libtiff mozjpeg PHP Mozilla Firefox Internet Explorer PCRE sqlite OpenSSL LibreOffice poppler freetype GnuTLS GnuPG PuTTY ntpd nginx bash tcpdump JavaScriptCore pdfium ffmpeg libmatroska libarchive ImageMagick BIND QEMU lcms Adobe Flash Oracle BerkeleyDB Android libstagefright iOS ImageIO FLAC audio library libsndfile less lesspipe strings file dpkg rcs systemd-resolved libyaml Info-Zip unzip libtasn1OpenBSD pfctl NetBSD bpf man mandocIDA Pro clamav libxml2glibc clang llvmnasm ctags mutt procmail fontconfig pdksh Qt wavpack OpenSSH redis lua-cmsgpack taglib privoxy perl libxmp radare2 SleuthKit fwknop X.Org exifprobe jhead capnproto Xerces-C metacam djvulibre exiv Linux btrfs Knot DNS curl wpa_supplicant Apple Safari libde265 dnsmasq libbpg lame libwmf uudecode MuPDF imlib2 libraw libbson libsass yara W3C tidy- html5 VLC FreeBSD syscons John the Ripper screen tmux mosh UPX indent openjpeg MMIX OpenMPT rxvt dhcpcd Mozilla NSS Nettle mbed TLS Linux netlink Linux ext4 Linux xfs botan expat Adobe Reader libav libical OpenBSD kernel collectd libidn MatrixSSL jasperMaraDNS w3m Xen OpenH232 irssi cmark OpenCV Malheur gstreamer Tor gdk-pixbuf audiofilezstd lz4 stb cJSON libpcre MySQL gnulib openexr libmad ettercap lrzip freetds Asterisk ytnefraptor mpg123 exempi libgmime pev v8 sed awk make
    [Show full text]